Incorrect http.conf on vicibox 9?

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

Incorrect http.conf on vicibox 9?

Postby dspaan » Mon Mar 23, 2020 7:12 pm

I noticed my webphone wasn't working on vicibox9 even though i had a valid SSL cert.

Chrome dev console said:

Code: Select all
sip.js:8403 WebSocket connection to 'wss://myserver:8089/ws' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED


After some troubleshooting i replaced /etc/asterisk/http.conf with a version from vicibox 8 and bang! My webphone worked like a charm again.

Is this a bug? The http.conf on vicibox9 looks completely different from the one on vicibox8, the settings also mentioned in this thread are missing:

viewtopic.php?t=37686
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1324
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Incorrect http.conf on vicibox 9?

Postby williamconley » Mon Mar 23, 2020 9:24 pm

Perhaps you should diff between the two and find the differences?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: NonDisruptive Lead Loader for Enterprise Vicidial Clusters.
(IE: Keep on dialing even while loading large lists!)
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 19647
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Incorrect http.conf on vicibox 9?

Postby dspaan » Tue Mar 24, 2020 3:49 am

The files are completely different.

Image

The one in vicibox9 is full of explanatory text which is all commented out. The only line that's not commented out is [general].

The working file has these lines:

[general]
;servername=Asterisk
enabled=yes
bindaddr=0.0.0.0
bindport=8088
;prefix=asterisk
;sessionlimit=100
;session_inactivity=30000
;session_keep_alive=15000
;enablestatic=yes
;redirect = / /static/config/index.html
tlsenable=yes ; enable tls - default no.
tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089.
tlscertfile=/etc/certbot/live/myserver.com/cert.pem
tlsprivatekey=/etc/certbot/live/myserver.com/privkey.pem

Of course the fact that the vicibox-certbot script doesn't work can also play a part in this.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1324
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Incorrect http.conf on vicibox 9?

Postby williamconley » Tue Mar 24, 2020 4:52 am

Do not include any lines that start with a semi colon. Those are comments.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: NonDisruptive Lead Loader for Enterprise Vicidial Clusters.
(IE: Keep on dialing even while loading large lists!)
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 19647
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Incorrect http.conf on vicibox 9?

Postby dspaan » Tue Mar 24, 2020 4:56 am

Yeah i know, i just pasted quickly top to bottom of the file, that's all that's in there.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1324
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Incorrect http.conf on vicibox 9?

Postby williamconley » Tue Mar 24, 2020 9:30 am

OK: I"m a bit confused. Have you posted the difference between the two "active" lines? Or is there just the one ...
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: NonDisruptive Lead Loader for Enterprise Vicidial Clusters.
(IE: Keep on dialing even while loading large lists!)
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 19647
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Incorrect http.conf on vicibox 9?

Postby dspaan » Tue Mar 24, 2020 9:44 am

The screenshot is just a file compare from winmerge, but you can't scroll in a screenshot so i posted the working file below the screenshot, it only has those lines whereas the vicibox 9 version has a lot of comments and not those lines.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1324
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Incorrect http.conf on vicibox 9?

Postby williamconley » Tue Mar 24, 2020 9:48 am

So vicibox 9 has nothing in that file?

It should at least have an include imperative to load other files.

Perhaps you should dump both files to disk without the comments and diff the results?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: NonDisruptive Lead Loader for Enterprise Vicidial Clusters.
(IE: Keep on dialing even while loading large lists!)
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 19647
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Incorrect http.conf on vicibox 9?

Postby alo » Tue Mar 24, 2020 10:43 am

Just a quick Note. it works fine for me. there may be something commented that you need to uncomment if I recal.
alo
 
Posts: 148
Joined: Wed Jun 20, 2012 10:21 am

Re: Incorrect http.conf on vicibox 9?

Postby dspaan » Tue Mar 24, 2020 11:53 am

Yes, i already downloaded the file from both systems. Here is the one from vicibox9. Everything commented out except for two lines.

Code: Select all
;
; Asterisk Builtin mini-HTTP server
;
;
; Note about Asterisk documentation:
;   If Asterisk was installed from a tarball, then the HTML documentation should
;   be installed in the static-http/docs directory which is
;   (/var/lib/asterisk/static-http/docs) on linux by default.  If the Asterisk
;   HTTP server is enabled in this file by setting the "enabled", "bindaddr",
;   and "bindport" options, then you should be able to view the documentation
;   remotely by browsing to:
;       http://<server_ip>:<bindport>/static/docs/index.html
;
[general]
;
; The name of the server, advertised in both the Server field in HTTP
; response message headers, as well as the <address /> element in certain HTTP
; response message bodies. If not furnished here, "Asterisk/{version}" will be
; used as a default value for the Server header field and the <address />
; element. Setting this property to a blank value will result in the omission
; of the Server header field from HTTP response message headers and the
; <address /> element from HTTP response message bodies.
;
;servername=Asterisk
;
; Whether HTTP/HTTPS interface is enabled or not.  Default is no.
; This also affects manager/rawman/mxml access (see manager.conf)
;
;enabled=yes
;
; Address to bind to, both for HTTP and HTTPS. You MUST specify
; a bindaddr in order for the HTTP server to run. There is no
; default value.
;
bindaddr=127.0.0.1
;
; Port to bind to for HTTP sessions (default is 8088)
;
;bindport=8088
;
; Prefix allows you to specify a prefix for all requests
; to the server.  The default is blank.  If uncommented
; all requests must begin with /asterisk
;
;prefix=asterisk
;
; sessionlimit specifies the maximum number of httpsessions that will be
; allowed to exist at any given time. (default: 100)
;
;sessionlimit=100
;
; session_inactivity specifies the number of milliseconds to wait for
; more data over the HTTP connection before closing it.
;
; Default: 30000
;session_inactivity=30000
;
; session_keep_alive specifies the number of milliseconds to wait for
; the next HTTP request over a persistent connection.
;
; Set to 0 to disable persistent HTTP connections.
; Default: 15000
;session_keep_alive=15000
;
; Whether Asterisk should serve static content from static-http
; Default is no.
;
;enablestatic=yes
;
; Redirect one URI to another.  This is how you would set a
; default page.
;   Syntax: redirect=<from here> <to there>
; For example, if you are using the Asterisk-gui,
; it is convenient to enable the following redirect:
;
;redirect = / /static/config/index.html
;
; HTTPS support. In addition to enabled=yes, you need to
; explicitly enable tls, define the port to use,
; and have a certificate somewhere.
;tlsenable=yes          ; enable tls - default no.
;tlsbindaddr=0.0.0.0:8089    ; address and port to bind to - default is bindaddr and port 8089.
;
;tlscertfile=</path/to/certificate.pem>  ; path to the certificate file (*.pem) only.
;tlsprivatekey=</path/to/private.pem>    ; path to private key file (*.pem) only.
; If no path is given for tlscertfile or tlsprivatekey, default is to look in current
; directory. If no tlsprivatekey is given, default is to search tlscertfile for private key.
;
; To produce a certificate you can e.g. use openssl. This places both the cert and
; private in same .pem file.
; openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem
;
; tlscipher=                             ; The list of allowed ciphers
;                                        ; if none are specified the following cipher
;                                        ; list will be used instead:
; ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:
; ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
; kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
; ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
; ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:
; DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
; AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
; AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:
; !EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
;
; tlsdisablev1=yes                ; Disable TLSv1 support - if not set this defaults to "yes"
; tlsdisablev11=yes               ; Disable TLSv1.1 support - if not set this defaults to "no"
; tlsdisablev12=yes               ; Disable TLSv1.2 support - if not set this defaults to "no"
;
; tlsservercipherorder=yes        ; Use the server preference order instead of the client order
;                                 ; Defaults to "yes"
;
; The post_mappings section maps URLs to real paths on the filesystem.  If a
; POST is done from within an authenticated manager session to one of the
; configured POST mappings, then any files in the POST will be placed in the
; configured directory.
;
;[post_mappings]
;
; NOTE: You need a valid HTTP AMI mansession_id cookie with the manager
; config permission to POST files.
;
; In this example, if the prefix option is set to "asterisk", then using the
; POST URL: /asterisk/uploads will put files in /var/lib/asterisk/uploads/.
;uploads = /var/lib/asterisk/uploads/
;
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1324
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Incorrect http.conf on vicibox 9?

Postby williamconley » Tue Mar 24, 2020 11:54 am

alo wrote:Just a quick Note. it works fine for me. there may be something commented that you need to uncomment if I recal.

Excellent contribution.

Can you post your copy of that file? Or at least the Uncommented lines? (as text, not image, lol)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: NonDisruptive Lead Loader for Enterprise Vicidial Clusters.
(IE: Keep on dialing even while loading large lists!)
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 19647
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Incorrect http.conf on vicibox 9?

Postby Kumba » Thu Apr 16, 2020 5:51 pm

These items needs to be uncommented:

tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=</path/to/certificate.pem>
tlsprivatekey=</path/to/private.pem>

You'll want to make sure the tlscertfile and tlsprivatekey point to the actual SSL cert and key. This issue is corrected in ViciBox v.9.0.2 and hopefully up.
Kumba
 
Posts: 873
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: Incorrect http.conf on vicibox 9?

Postby carpenox » Sun Apr 26, 2020 3:30 am

This may be a stupid question, but where is that http.conf file located at? because when i look in /etc/apache2/ i find httpd.conf but theres none of those settings in it and when i try to use WebRTC it says reg. failed. I Used the vicibox 9.0.2 installer and ran vicibox-certbot to get my certificate.
ViciBox v9.0.3 | Version: 2.14-779a | BUILD: 201123-2300 | SVN Version: 3331 | DB Schema Version: 1612 | Asterisk 13.38.0
http://www.CyburityLLC.com -:- 844-PC-SATA-2 -:- www.contactcentersRus.com -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 779
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Incorrect http.conf on vicibox 9?

Postby dspaan » Sun Apr 26, 2020 6:34 am

/etc/asterisk/http.conf

This is for asterisk only. Not for general Apache.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1324
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Incorrect http.conf on vicibox 9?

Postby carpenox » Sun Apr 26, 2020 2:09 pm

Thank you dspann, damn all that is already there and im still getting reg failed.
ViciBox v9.0.3 | Version: 2.14-779a | BUILD: 201123-2300 | SVN Version: 3331 | DB Schema Version: 1612 | Asterisk 13.38.0
http://www.CyburityLLC.com -:- 844-PC-SATA-2 -:- www.contactcentersRus.com -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 779
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Incorrect http.conf on vicibox 9?

Postby dspaan » Mon Apr 27, 2020 6:16 am

Did you set the web socket URL under Admin>Servers?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1324
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Incorrect http.conf on vicibox 9?

Postby carpenox » Mon Apr 27, 2020 9:16 am

yes sir...
ViciBox v9.0.3 | Version: 2.14-779a | BUILD: 201123-2300 | SVN Version: 3331 | DB Schema Version: 1612 | Asterisk 13.38.0
http://www.CyburityLLC.com -:- 844-PC-SATA-2 -:- www.contactcentersRus.com -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 779
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Incorrect http.conf on vicibox 9?

Postby dspaan » Mon Apr 27, 2020 9:25 am

These are the files i edit when creating a new server:

nano /etc/apache2/vhosts.d/dynportal-ssl.conf
nano /srv/www/vhosts/dynportal/inc/defaults.inc.php

Admin>templates>WebRTC
Admin>Servers>Web socket URL

Also check this: https://viciphone.com/?page_id=353

Are you using the vicibox firewall and manually opening ports or are you using the dynamic or whitelist function from VB-firewall?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1324
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Incorrect http.conf on vicibox 9?

Postby carpenox » Mon Apr 27, 2020 10:34 am

I havent setup whitelist, since ive been trying out different carriers ive only enabled blacklist on vb-firewall at the moment. i was just curious about dynportal not showing up under the SSL cert, im gonna redo the webrtc now tho and see how it goes, ill follow your lead, thx
ViciBox v9.0.3 | Version: 2.14-779a | BUILD: 201123-2300 | SVN Version: 3331 | DB Schema Version: 1612 | Asterisk 13.38.0
http://www.CyburityLLC.com -:- 844-PC-SATA-2 -:- www.contactcentersRus.com -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 779
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Incorrect http.conf on vicibox 9?

Postby Kumba » Wed Apr 29, 2020 12:43 am

Looks like the bindaddr needs adjusting.
Your /etc/asterisk/http.conf should have these major lines uncommented and set as such:

enabled=yes
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/apache2/ssl.crt/<certfile>.crt
tlsprivatekey=/etc/apache2/ssl.key/<certfile>.key




The tlscertfile and tlsprivatekey parts need to point to your actual certificate files. Also make sure you're using the DNS in the wss line, like wss://my.server.domain:8089/ws
Kumba
 
Posts: 873
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: Incorrect http.conf on vicibox 9?

Postby carpenox » Wed Apr 29, 2020 1:46 am

and the template for viciphone needs to have "dtls" ?

dtlsverify=no
dtlscertfile=/PATH/TO/YOUR/SSL/CERT/FILE
dtlsprivatekey=/PATH/TO/YOUR/SSL/KEY/FILE
dtlssetup=actpass
ViciBox v9.0.3 | Version: 2.14-779a | BUILD: 201123-2300 | SVN Version: 3331 | DB Schema Version: 1612 | Asterisk 13.38.0
http://www.CyburityLLC.com -:- 844-PC-SATA-2 -:- www.contactcentersRus.com -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 779
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Incorrect http.conf on vicibox 9?

Postby bossmon » Fri May 08, 2020 7:34 am

Hello, I'm confused. I'm having the same issue and finding conflicting information.

Should this be "tlsbindaddr=0.0.0.0:8900" or "tlsbindaddr=0.0.0.0:8089".

The documentation on viciphone https://viciphone.com/?page_id=351 says "tlsbindaddr=0.0.0.0:8089"

please confirm.

Kumba wrote:Looks like the bindaddr needs adjusting.
Your /etc/asterisk/http.conf should have these major lines uncommented and set as such:

enabled=yes
tlsenable=yes
tlsbindaddr=0.0.0.0:8900
tlscertfile=/etc/apache2/ssl.crt/<certfile>.crt
tlsprivatekey=/etc/apache2/ssl.key/<certfile>.key




The tlscertfile and tlsprivatekey parts need to point to your actual certificate files. Also make sure you're using the DNS in the wss line, like wss://my.server.domain:8089/ws
bossmon
 
Posts: 29
Joined: Sat Mar 21, 2020 3:11 am

Re: Incorrect http.conf on vicibox 9?

Postby Kumba » Fri May 08, 2020 6:15 pm

My bad, it was a typo. I corrected the above post. It should be tlsbindaddr=0.0.0.0:8089
Kumba
 
Posts: 873
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida


Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: No registered users and 52 guests